.NET news » Security Security Rss Feed

download

Editor's Note: Many Levels of Security

Editor's Note: Many Levels of Security
11 Oct 2005, 03:00:00   Source: Editor's Note: Many Levels of Security   Tags: Security

How Do They Do It? A Look Inside the Security Development Lifecycle at Microsoft

In this article, Microsoft security expert Michael Howard outlines how to apply the Security Development Lifecycle to your own software development processes. He explains how you can take some of the lessons learned at Microsoft when implementing SDL and use them in your own development process.
11 Oct 2005, 03:00:00   Source: How Do They Do It? A Look Inside the Security...   Tags: Security

What Gives You the Right? Combine the Powers of AzMan and WSE 3.0 to Protect Your Web Services

In this article, Niels Flensted-Jensen demonstrates how you can combine new and existing Microsoft technologies with minimal new code to provide flexible authorization for individual Web service methods. Windows 2003 Authorization Manager, Web Service Enhancements 3.0, and Enterprise Library all play a part.

Who Goes There? Upgrade Your Site's Authentication with the New ASP.NET 2.0 Membership API

Here Dino Esposito and Andrea Saltarello cover the plumbing of the Membership API and its inherently extensible nature, based on pluggable providers. To demonstrate the features, they take an existing ASP.NET 1.x authentication mechanism and port it to ASP.NET 2.0, exposing the legacy authentication mechanism through the new Membership API.

Are You Protected? Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0

Ensuring the security of a Web application is critical and requires careful planning throughout the design, development, deployment, and operation phases. It is not something that can be slapped onto an existing application. In this article, Michael Volodarsky outlines best practices that allow you to take advantage of the security features of ASP.NET 2.0 and IIS 6.0 to build and deploy more secure Web applications.

Do You Trust It? Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0

When you allow your application to run arbitrary code through an add-in, you may expose users to unknown code, running the risk that malicious code will use your application as an entry point into the user's data. There are several techniques you can use to reduce the attack surface of your application, which Shawn Farkas discusses here.

Learning Paths for Security

Use these learning paths to find a range of Microsoft training references and resources on security threats and appropriate countermeasures. These paths provide information on security planning, prevention, detection, and response.
4 Oct 2005, 20:55:41   Source: Learning Paths for Security   Tags: Security

High Availability: Keep Your Code Running with the Reliability Features of the .NET Framework

Reliability requires the capacity to execute a sequence of operations in a deterministic way, even under exceptional conditions. This allows you to ensure that resources are not leaked and that you can maintain state consistency without relying on application domain unloading (or worse, process restarts) to fix any corrupted state. Unfortunately, in the.NET Framework, not all exceptions are deterministic and synchronous, which makes it difficult to write code that is always deterministic in its ability to execute a predetermined sequence of operations. In this article Stephen Toub will show you why, and explore features of the .NET Framework 2.0 that help you to mitigate these situations and write more reliable code.
13 Sep 2005, 03:00:00   Source: High Availability: Keep Your Code Running with the...   Tags: Security Bugs

Security Briefs: Credentials and Delegation

Security Briefs: Credentials and Delegation
9 Aug 2005, 03:00:00   Source: Security Briefs: Credentials and Delegation   Tags: Security Bugs

Security Briefs: Customizing GINA, Part 2

Security Briefs: Customizing GINA, Part 2
10 May 2005, 03:00:00   Source: Security Briefs: Customizing GINA, Part 2   Tags: Security